5 matches found
EUVD-2023-0489
Malicious code in bioql PyPI...
CVE-2023-22489 Flarum is missing authorization in discussion replies
Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that...
GHSA-HPH3-HV3C-7725 Any Flarum user including unactivated can reply in public discussions whose first post was permanently deleted
If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that don't have a validated email. Guests cannot...
Any Flarum user including unactivated can reply in public discussions whose first post was permanently deleted
If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that don't have a validated email. Guests cannot...
PT-2023-18540 · Flarum · Flarum
Name of the Vulnerable Software and Affected Versions: Flarum versions v1.3.0 through v1.6.3
Description: The issue occurs when the first post of a discussion is permanently deleted, but the discussion remains visible. This allows any actor who can view the discussion to create a new reply via th...